xp antivirus 2008 /pc-cleaner [RESOLVED]

gciron1

Posted 06 August 2008 - 08:25 AM

good morning all,

my computer had pc cleaner and pc anti virus 2008. the computer kept flashing download the program.
it made the computer go to a crawl. i tried to delete but had no luck. i tried using ms dos to delete but i do not think it is done. now when the computer reboots it will only go to 'safemode' and says it cannot boot properly.

i have read the posting on what to do prior to making a hijack this post.

greyknight17

Posted 10 August 2008 - 12:23 PM

Is this for the same computer you posted about a week ago?

Go to http://www.bleepingc...to-use-combofix and follow the instructions on how to install the Recovery Console and run ComboFix. Go through all the steps until posting the log part. Post the combofix log here.

gciron1

Posted 11 August 2008 - 08:36 AM

thank you for the reply, no it is not the same computer, it was my friend Dan's home computer, but he is not too good with computers. This computer is my computer. it has a problem now.. I read this site often and try to fix my own stuff rather than post, sometimes i am able to fix quite a bit of the problems and other times i have no luck.

* Save this as CFScript.txt in the same location as the ComboFix.exe tool.
* Drag the CFScript.txt into ComboFix.exe.
* Follow the prompts. When finished, it shall produce a log for you. Post that log in your next reply.

Note: Do not click on combofix's window while it's running. That may cause it to stall.

greyknight17

Posted 13 August 2008 - 04:09 PM

No problem...

Download OTMoveIt2 at http://download.blee...r/OTMoveIt2.exe
* Save it to your desktop.
* Double-click OTMoveIt2.exe to run it. (Vista users, right click on OTMoveIt2.exe and select Run as an Administrator).
* Copy the file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):

* Return to OTMoveIt2. Right click in the Paste List of Files/Folders to Move window (under the Yellow bar) and choose Paste.
* Click the red Moveit! button.
* A log of files and folders moved will be created in the C:\_OTMoveIt\MovedFiles folder in the form of Date and Time (mmddyyyy_hhmmss.log). Please open this log in Notepad and post its contents in your next reply.
* Close OTMoveIt2.

If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.

Click OK (FixIEDef requires Administrator Privileges to run correctly. This box tells you that FixIEDef successfully elevated its privileges to that of Administrator)

WARNING: FixIEDef will kill all copies of Internet Explorer and Explorer that are running, during removal of malicious files. The icons and Start Menu on your Desktop will not be visible while FixIEDef is removing malicious files. This is necessary to remove parts of the infection that would otherwise not be removed.

Everything will be restored to normal, once the malicious file is removed.

* Click on 'Scan your PC' button. There should be a popup - if you have a pop-up blocker, make sure it's not blocking it.
* Click 'Check Now' & a pop-up window will appear.
* Enter your Country, State and E-mail Address & click 'Scan Now' - begin downloading Panda's ActiveX controls (8 MB size).
* Begin the scan by selecting My Computer.
* If it finds any malware, it will offer you a report. Ignore any entry it finds (since it wants you to buy the program for removal) as we will address this later.
* Click on see report. Then click Save report.
* Post that log in your next reply.

Boot State : Normal boot
--------------------------------------------------------------------------------
!!! Files that have been deleted !!!

C:\Documents and Settings\Owner\Application Data\Sun\Java\Deployment\cache\javapi\*.*
C:\WINDOWS\inf\btgrab.inf
C:\WINDOWS\system32\LuResult.txt
--------------------------------------------------------------------------------
!!! Directories that have been removed !!!
No malicious directories to be removed
--------------------------------------------------------------------------------
!!! Registry entries that have been removed !!!
No malicious Registry entries found
================================================================================
All Done
ShadowPuterDude
Safe Surfing!!!

greyknight17

Posted 16 August 2008 - 05:38 PM

Run ATF Cleaner again to clear out the temp and cookie files for Internet Explorer and Firefox. Go into Firefox->Tools->Clear Private Data and hit OK to delete all your cookie and temp files.

Download OTMoveIt2 at http://download.blee...r/OTMoveIt2.exe
* Save it to your desktop.
* Double-click OTMoveIt2.exe to run it. (Vista users, right click on OTMoveIt2.exe and select Run as an Administrator).
* Copy the file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):

* Return to OTMoveIt2. Right click in the Paste List of Files/Folders to Move window (under the Yellow bar) and choose Paste.
* Click the red Moveit! button.
* A log of files and folders moved will be created in the C:\_OTMoveIt\MovedFiles folder in the form of Date and Time (mmddyyyy_hhmmss.log). Please open this log in Notepad and post its contents in your next reply.
* Close OTMoveIt2.

If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.

1. If it gives you an intro screen, just choose Do a system scan and save a logfile.
2. If you don't get the intro screen, just hit Scan and then click on Save log.
3. Post the hijackthis.log file here. Do not fix anything in HijackThis since they may be harmless.
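
The OTMoveIt2 steps above say the move log is named by date and time (mmddyyyy_hhmmss.log), which means sorting the file names alphabetically does not put the latest run last once logs from more than one year are present. As an added example that is not part of the original posts or of OTMoveIt2, this Python helper picks the most recent log from a folder listing; it assumes names follow exactly that pattern, and the function names and sample listing are constructed for illustration.

```python
import re
from datetime import datetime
from pathlib import PureWindowsPath

# File-name pattern stated in the post: mmddyyyy_hhmmss.log
LOG_NAME = re.compile(r"^(\d{8}_\d{6})\.log$", re.IGNORECASE)


def parse_log_time(name):
    """Return the datetime encoded in a log name (or full path), else None."""
    match = LOG_NAME.match(PureWindowsPath(name).name)
    if not match:
        return None
    try:
        return datetime.strptime(match.group(1), "%m%d%Y_%H%M%S")
    except ValueError:  # right number of digits, but not a real date or time
        return None


def newest_log(names):
    """Pick the most recent log by its encoded timestamp, not by name order."""
    dated = [(parse_log_time(n), n) for n in names]
    dated = [(stamp, n) for stamp, n in dated if stamp is not None]
    return max(dated)[1] if dated else None


# Constructed sample listing of the MovedFiles folder (not from the thread).
SAMPLE = [
    "12302007_235959.log",  # older run, but sorts last alphabetically
    "08132008_160912.log",
    "08162008_173805.log",
    "13452008_000000.log",  # month 13 is invalid, so it is ignored
    "notes.txt",            # not a log name at all
]

if __name__ == "__main__":
    print("Newest log:", newest_log(SAMPLE))
```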

gciron1

Posted 17 August 2008 - 05:39 PM

generally speaking the computer is running better, but after doing all of the scans and seeing all the problems i just want to get it all off the computer.... i have otmoveit2 and hijack.... i will post all three logs tomorrow morning.. thanks again